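# CI for the module: runs the Go test suite against a matrix of Go and OpenSSL
# versions on Linux, Windows and macOS, inside two distro containers, and
# checks that the module still builds with cgo disabled.
on: [push, pull_request]
name: Test

# Least privilege for the workflow token: every job below only checks out the
# repository and runs builds/tests, so read access to contents is sufficient.
permissions:
  contents: read

jobs:
  test:
    strategy:
      fail-fast: false
      matrix:
        # Quoted so the versions stay strings regardless of the YAML parser.
        go-version: ['1.22.x', '1.23.x']
        openssl-version: ['1.0.2', '1.1.0', '1.1.1', '3.0.1', '3.0.13', '3.1.5', '3.2.1', '3.3.0', '3.3.1']
    runs-on: ubuntu-20.04
    steps:
      - name: Install build tools
        run: sudo apt-get install -y build-essential
      - name: Install Go
        # NOTE(review): still referenced by a mutable tag; pin to a full commit
        # SHA (with the version in a trailing comment) like the checkout steps.
        uses: actions/setup-go@v5
        with:
          go-version: ${{ matrix.go-version }}
      - name: Checkout code
        # Pinned to the same commit SHA the container and cgo-less jobs use, so
        # a moved tag cannot change the code that runs in this job.
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - name: Install OpenSSL
        # The matrix value is a literal from this file, so expanding it inline
        # into a root shell command does not carry attacker-controlled input.
        # Keep it that way: never feed event data into this expression.
        run: sudo sh ./scripts/openssl.sh ${{ matrix.openssl-version }}
      - name: Check headers
        working-directory: ./cmd/checkheader
        run: go run . --ossl-include /usr/local/src/openssl-${{ matrix.openssl-version }}/include -shim ../../shims.h
      - name: Set OpenSSL config and prove FIPS
        # Installs the repository's OpenSSL 3 config and fails the step unless
        # the test binary prints "FIPS enabled: true" (grep -q is the last
        # command of the pipeline, so its exit status decides the step).
        # Only runs for the 3.0.1 matrix entry.
        run: |
          sudo cp ./scripts/openssl-3.cnf /usr/local/ssl/openssl.cnf
          go test -v -count 0 . | grep -q "FIPS enabled: true"
        if: ${{ matrix.openssl-version == '3.0.1' }}
        env:
          GO_OPENSSL_VERSION_OVERRIDE: ${{ matrix.openssl-version }}
      - name: Run Test
        # Run each test 10 times so the garbage collector chimes in
        # and exercises the multiple finalizers we use.
        # This can detect use-after-free and double-free issues.
        # checkptr instrumentation is enabled for all packages.
        run: go test -gcflags=all=-d=checkptr -count 10 -v ./...
        env:
          GO_OPENSSL_VERSION_OVERRIDE: ${{ matrix.openssl-version }}
      - name: Run Test with address sanitizer
        # Each listed test runs in its own -asan invocation. Failures are
        # recorded in `ok` instead of aborting, so every test still runs; the
        # final `$ok` executes `true` or `false` and sets the step result.
        run: |
          ok=true
          for t in $(go test ./... -list=. | grep '^Test'); do
            go test ./... -gcflags=all=-d=checkptr -asan -run ^$t$ -v || ok=false
          done
          $ok
        env:
          GO_OPENSSL_VERSION_OVERRIDE: ${{ matrix.openssl-version }}
  wintest:
    runs-on: windows-2022
    strategy:
      fail-fast: false
      matrix:
        go-version: ['1.22.x', '1.23.x']
        # On Windows the override names the libcrypto DLL rather than a version.
        openssl-version: ['libcrypto-1_1-x64.dll', 'libcrypto-3-x64.dll']
    steps:
      - name: Install Go
        # NOTE(review): mutable tag; pin to a full commit SHA.
        uses: actions/setup-go@v5
        with:
          go-version: ${{ matrix.go-version }}
      - name: Checkout code
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - name: Run Test
        run: go test -gcflags=all=-d=checkptr -count 10 -v ./...
        env:
          GO_OPENSSL_VERSION_OVERRIDE: ${{ matrix.openssl-version }}
  mactest:
    strategy:
      fail-fast: false
      matrix:
        go-version: ['1.22.x', '1.23.x']
        openssl-version: ['libcrypto.3.dylib']
    runs-on: macos-12
    steps:
      - name: Install Go
        # NOTE(review): mutable tag; pin to a full commit SHA.
        uses: actions/setup-go@v5
        with:
          go-version: ${{ matrix.go-version }}
      - name: Checkout code
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - name: Run Test
        run: go test -gcflags=all=-d=checkptr -count 10 -v ./...
        env:
          GO_OPENSSL_VERSION_OVERRIDE: ${{ matrix.openssl-version }}
  # The two container jobs run the tests with the toolchain shipped in the
  # image; no GO_OPENSSL_VERSION_OVERRIDE is set for them.
  # NOTE(review): the images are referenced by tag, which can be re-pointed;
  # consider pinning them by digest.
  azurelinux:
    runs-on: ubuntu-latest
    container: mcr.microsoft.com/oss/go/microsoft/golang:1.23-azurelinux3.0
    steps:
      - name: Checkout code
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - name: Run Test
        run: go test -v ./...
  mariner2:
    runs-on: ubuntu-latest
    container: mcr.microsoft.com/oss/go/microsoft/golang:1.23.1-3-cbl-mariner2.0
    steps:
      - name: Checkout code
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - name: Run Test
        run: go test -v ./...
  # Verify that golang-fips/openssl builds successfully without cgo enabled.
  #
  # A project can avoid attempting to build the openssl package by only
  # importing it from Go files with a cgo build tag. However, this isn't always
  # reasonable. In that case, we can help by making sure the openssl package
  # builds successfully even without cgo.
  #
  # For example, the Microsoft Go toolset fork builds this module without cgo
  # for a cross-platform build.
  #
  # The golang-fips/openssl module can't do any crypto when built without cgo,
  # but it exports a few simple functions and types.
  cgolessbuild:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - name: Run Build
        run: CGO_ENABLED=0 go build ./...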